<?php

namespace app\controllers;

use yii\web\Controller;

/**
 * Demo controller for web-security countermeasures.
 *
 * Only the first actionIndex() is live; each commented-out block below is an
 * alternative body for the same action (CSRF token, XSS filtering, XSS
 * encoding) kept for comparison.
 */
class Test3Controller extends Controller
{
    /**
     * SQL injection prevention.
     *
     * The user name is passed as a bound parameter (:name) rather than
     * concatenated into the SQL string, so the value travels to the driver
     * as data and never becomes part of the query text.
     *
     * Dumps the row returned by one() with print_r.
     */
    public function actionIndex()
    {
        $query = new \yii\db\Query();
        $query->select('*')->from('users');
        // Bound parameter: the literal is never spliced into the SQL text.
        $query->where('name=:name', [':name' => 'zhangsan']);

        $row = $query->one();
        print_r($row);
    }
    /*
    // CSRF prevention
    // On POST the action echoes the submitted title; otherwise it renders the
    // form with a CSRF token. The echoed value is written without encoding here,
    // so this variant covers CSRF only — see the Html::encode variant for output.
    public function actionIndex()
    {
        if (\Yii::$app->request->isPost) {
            echo \Yii::$app->request->post('title');
        } else {
            $csrfToken = \Yii::$app->request->csrfToken;
            return $this->renderPartial('test1', ['csrfToken' => $csrfToken]);
        }
    }
    */
    /*
    // XSS prevention by filtering (HtmlPurifier)
    public function actionIndex()
    {
        \Yii::$app->response->headers->add('X-XSS-Protection', '0'); // turn off the default (browser-side) XSS protection, presumably so only the server-side filter is exercised
        $script = \Yii::$app->request->get('script');
        echo \yii\helpers\HtmlPurifier::process($script);
    }
    */
    /*
    // XSS prevention by encoding
    public function actionIndex()
    {
        \Yii::$app->response->headers->add('X-XSS-Protection', '0'); // turn off the default (browser-side) XSS protection, presumably so only the server-side encoding is exercised
        $script = \Yii::$app->request->get('script');
        echo \yii\helpers\Html::encode($script);
    }
    */
}